Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/.
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-10-20T16:00:00
Updated: 2014-10-20T15:57:00
Reserved: 2012-10-29T00:00:00
Link: CVE-2012-5694
NVD Information
Status: Analyzed
Published: 2014-10-20T16:55:05.713
Modified: 2014-12-16T17:21:35.257
Link: CVE-2012-5694
Redhat Information
No data.
CWE